Acts 2017
(ii)
(iii)
(iv)
(v)
495
the alteration of;
the disclosure of;
the accidental loss of; and
the destruction of,
the data in his control; and
(b) ensure that the measures provide a level of security
appropriate for –
(i)
the harm that might result from –
(A) the unauthorised access to;
(B) the alteration of;
(C) the disclosure of;
(D) the destruction of,
(2)
(a)
the data and its accidental loss; and
(ii)
the nature of the data concerned.
The measures referred to in subsection (1) shall include –
(i)
the pseudonymisation and encryption of personal
data;
(ii) the ability to ensure the ongoing confidentiality,
integrity, availability and resilience of processing
systems and services;
(iii) the ability to restore the availability and access
to personal data in a timely manner in the event
of a physical or technical incident; and
(iv) a process for regularly testing, assessing and
evaluating the effectiveness of technical and
organisational measures for ensuring the security
of the processing.
(b) The Office may lay down technical standards for the
requirements specified in paragraph (a).